<div class="sect1">
<h2 id="_description">Description</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Because <code>printf</code> format strings are interpreted at runtime rather than validated by the compiler, they can contain errors that produce the wrong output string. This rule statically checks that <code>printf</code> format strings match their arguments.</p>
</div>
<div class="paragraph">
<p>The related rule <a data-rspec-id="S2275" class="rspec-auto-link">S2275</a> is about errors that will create undefined behavior, while this rule is about errors that produce an unexpected string.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_noncompliant_code_example">Noncompliant Code Example</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-cpp" data-lang="cpp">printf("%d", 1, 2); // Noncompliant; the second argument "2" is unused
printf("%0-f", 1.2); // Noncompliant; flag "0" is ignored because of "-"</code></pre>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_compliant_solution">Compliant Solution</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-cpp" data-lang="cpp">printf("%d %d", 1, 2); // Compliant
printf("%-f", 1.2); // Compliant</code></pre>
</div>
</div>
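<div class="paragraph">
<p>The sketch below is an added illustration of the kind of check this rule performs on a literal format string; it is not the analyzer's own implementation, and the names <code>check_format</code>, <code>Kind</code> and <code>Finding</code> are hypothetical. It assumes only standard flags, length modifiers and conversions, and it goes slightly beyond the two cases above by also counting <code>*</code> width/precision arguments and skipping <code>%%</code>.</p>
</div>

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

enum class Kind { UnusedArgument, IgnoredZeroFlag };
struct Finding { Kind kind; std::size_t pos; };  // pos: offset into the format

// Parse a literal printf format and compare it with the number of variadic
// arguments at the call site. Only standard conversions are handled.
std::vector<Finding> check_format(const std::string& fmt, std::size_t nargs) {
    std::vector<Finding> out;
    std::size_t consumed = 0, i = 0;
    const std::size_t n = fmt.size();
    auto digits = [&] { while (i < n && std::isdigit((unsigned char)fmt[i])) ++i; };
    auto star_or_digits = [&] {
        if (i < n && fmt[i] == '*') { ++consumed; ++i; }  // '*' reads an int argument
        else digits();
    };
    while (i < n) {
        if (fmt[i++] != '%') continue;
        const std::size_t start = i - 1;
        if (i < n && fmt[i] == '%') { ++i; continue; }    // "%%" consumes nothing
        bool zero = false, minus = false;
        for (; i < n && std::string("-+ #0").find(fmt[i]) != std::string::npos; ++i) {
            zero = zero || fmt[i] == '0';
            minus = minus || fmt[i] == '-';
        }
        star_or_digits();                                        // field width
        if (i < n && fmt[i] == '.') { ++i; star_or_digits(); }   // precision
        while (i < n && std::string("hlLjzt").find(fmt[i]) != std::string::npos) ++i;
        if (i < n) { ++consumed; ++i; }                          // conversion specifier
        if (zero && minus) out.push_back({Kind::IgnoredZeroFlag, start});
    }
    // consumed > nargs is undefined behavior (the concern of the related
    // rule S2275), so it is not reported here.
    if (consumed < nargs) out.push_back({Kind::UnusedArgument, n});
    return out;
}

int main() {
    // The four format strings from this page, with their argument counts.
    const struct { const char* fmt; std::size_t nargs; } calls[] = {
        {"%d", 2}, {"%0-f", 1}, {"%d %d", 2}, {"%-f", 1}};
    for (const auto& c : calls)
        for (const auto& f : check_format(c.fmt, c.nargs))
            std::printf("\"%s\": %s\n", c.fmt, f.kind == Kind::UnusedArgument
                ? "argument(s) unused" : "flag '0' ignored because of '-'");
}
```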
</div>
</div>
<div class="sect1">
<h2 id="_exceptions">Exceptions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>This rule will only work if the format string is provided as a string literal.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_see">See</h2>
<div class="sectionbody">
<div class="ulist">
<ul>
<li>
<p><a href="https://wiki.sei.cmu.edu/confluence/x/J9YxBQ">CERT, FIO47-C.</a> - Use valid format strings</p>
</li>
</ul>
</div>
<hr>
</div>
</div>
<div class="sect1">
<h2 id="_comments_and_links">Comments And Links</h2>
<div class="sectionbody">
<div class="sect2">
<h3 id="_is_duplicated_by_s3941">is duplicated by: <a data-rspec-id="S3941" class="rspec-auto-link">S3941</a></h3>

</div>
<div class="sect2">
<h3 id="_is_related_to_s2275">is related to: <a data-rspec-id="S2275" class="rspec-auto-link">S2275</a></h3>

</div>
<div class="sect2">
<h3 id="_on_10_dec_2015_090759_tamas_vajk_wrote">on 10 Dec 2015, 09:07:59 Tamas Vajk wrote:</h3>
<div class="paragraph">
<p>[~ann.campbell.2] Removed the performance label, as the performance impact is insignificant.</p>
</div>
</div>
<div class="sect2">
<h3 id="_on_10_dec_2015_144405_ann_campbell_wrote">on 10 Dec 2015, 14:44:05 Ann Campbell wrote:</h3>
<div class="paragraph">
<p>I&#8217;ve updated SQALE characteristic to match [~tamas.vajk]</p>
</div>
</div>
</div>
</div>